net/socket/ssl_client_socket_impl.cc - Issue 2100303002: Add OCSPVerifyResult for tracking stapled OCSP responses cross-platform.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/socket/ssl_client_socket_impl.cc

Issue 2100303002: Add OCSPVerifyResult for tracking stapled OCSP responses cross-platform. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ocsp-date-check

Patch Set: Comments from estark Created 4 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/socket/ssl_client_socket_impl.cc

diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc

index 97a3997a2e3b8bae9a7307ab4ab6e1f2878ee000..a7a5d338a9679ac3c5a14db651fd2cb2d718dc27 100644

--- a/net/socket/ssl_client_socket_impl.cc

+++ b/net/socket/ssl_client_socket_impl.cc

@@ -795,6 +795,7 @@ bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) {

ssl_info->token_binding_negotiated = tb_was_negotiated_;

ssl_info->token_binding_key_param = tb_negotiated_param_;

ssl_info->pinning_failure_log = pinning_failure_log_;

+ ssl_info->ocsp = server_cert_verify_result_.ocsp;

AddCTInfoToSSLInfo(ssl_info);

@@ -1284,13 +1285,11 @@ int SSLClientSocketImpl::DoVerifyCert(int result) {

}

std::string ocsp_response;

- if (cert_verifier_->SupportsOCSPStapling()) {

- const uint8_t* ocsp_response_raw;

- size_t ocsp_response_len;

- SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len);

- ocsp_response.assign(reinterpret_cast<const char*>(ocsp_response_raw),

- ocsp_response_len);

- }

+ const uint8_t* ocsp_response_raw;

+ size_t ocsp_response_len;

+ SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len);

+ ocsp_response.assign(reinterpret_cast<const char*>(ocsp_response_raw),

+ ocsp_response_len);

start_cert_verification_time_ = base::TimeTicks::Now();

« net/cert/ocsp_verify_result.cc ('K') | « net/net.gypi ('k') | net/ssl/ssl_info.h » ('j') | net/ssl/ssl_info.h » ('J')